Embodiments of the present invention relate to a transaction device for performing a transaction with an external device through a communication link.
Embodiments of the present invention also relate to a method for securing a transaction between a transaction device and an external device, in particular a transaction made with a programmable portable device.
Nowadays, transactions can be performed using conventional portable devices such as, for example, mobile telephones, personal digital assistants (PDAs), or the like. In fact, wireless or contactless communication technology can easily be embedded in such portable devices for the establishment of wireless or contactless communication with an external device in order to perform transactions.
FIG. 1 shows an example of a conventional transaction device 1 with Near Field Communication (NFC) communication capabilities. Essentially, the transaction device includes an NFC communication controller 10, an application processor 20, a display device 31, and an input device 32 linked to the application processor 20.
The NFC communication controller 10 includes an antenna coil that allows a contactless data link CDL to be established with an external NFC device 40, which can be, for example, a payment terminal, a cash machine, or the like. The external device 40 is also equipped with an antenna coil and both the external device and the NFC communication controller can exchange data by inductive coupling.
Inside the transaction device 1, the communication controller 10 is coupled with at least one data and program memory 11, in which a program executed by the controller 10 is stored. The application processor 20 is coupled with at least one data and program memory 21 in which application programs are stored.
Additionally, the transaction device 1 typically includes another communication interface 22 through which it can receive application programs APP which are stored in memory 21 and executed by the application processor 20. It is assumed here that at least one application program APP has been downloaded to manage a transaction through the contactless data link CDL.
By nature, such a conventional portable device is much less secure than a certified and secured payment device, such as those found in shops or banks. In particular, the application processor 20, in which application programs APP can be downloaded and installed using the communication interface 22, may contain malicious software. This malicious software can be designed to intercept or corrupt transaction data in paid applications, such as payment of a restaurant bill, withdrawal of money from a cash machine, payment for access to a specific location (e.g., subway, museum, nightclub, or the like), or the like. Consequently, such a corruption of transaction data may lead to the payment of an amount greater than that expected by the user.
For example, a transaction may be initiated and a connection (data link CDL) may be established between the transaction device 1 and the external device 40. The external device 40 sends the transaction data to the transaction device 1. The amount is displayed on the display device 31 and the user is then prompted to confirm acceptance of payment of the indicated amount of money by entering an acknowledgement through the input device 32 (for example, by selecting “Yes” or “No,” by entering a personal code as an acknowledgment, or both). The application processor then forwards this acknowledgment to the external device 40 in order to complete the transaction. Malicious software may corrupt the application program APP so that the transaction is performed with transaction data that is different from the data displayed to and/or accepted by the user. As an example, a transaction for an amount of 1000€ may be initiated by the malicious software, whereas an amount of 10€ is displayed to the user. In this case, 1000€ are actually paid instead of the 10€ that the user accepted to pay.
Therefore, it is desirable to provide a method for securing a transaction made with a transaction device that may be corrupted by malicious software, in particular a transaction made with a conventional programmable portable device.